Possible Mail server compromise ?

["Faas M. Mathiasen" <faas.m.mathiasen () googlemail com>]

Dear List,
"We" have noticed a odd traffic pattern emerging from our mail
servers, an important amount of data left our network over the mail
server. Please understand "we" would like
to remain anonymous at this point. We monitored our mail servers for
availability and the patch level is as to latest specifications,
additionally we have anti-virus software
 installed on all E-mail servers.

Is anybody aware of an unpatched exploit against Exchange Server 2007  ?
 Is there any other threat we have not taken into consideration ?

Do you have recommendations as to how to proceed ? Obviously our mail
server hold important information and we can't simply turn them off,
though we have procedures on how to respond to incidents we don't have
a procedure for this particular case, as our mail server is inside our
company, maintained and updated regularly we had no important reason
to believe it could be compromised.

We are currently investigating and took it off line for a few hours,
while installing a new clean server.

Regards,
Faas M. Mathiasen
CISSP Denmark